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ELECTRONI C TRANSACTION SECURITY METHOD 



FIELD OF THE INVENTION 

The present invention relates to the electronic processing of credit card 
transactions. 

BACKGROUND OF THF INVENTION 

Credit cards are commonly used over the public Internet to purchase 
goods and services. The information required to initiate a transaction consists of 
a credit card number, an expiration date for the card, a cardholder's billing 
address and the card holder's name as shown on the card. All of the information 
made available to support a credit card transaction may become known to a third 
party who is then in a position to use the same without the consent or knowledge 
of the cardholder. The fact that the credit card information can be re-used by a 
third party without the consent or knowledge of the card holder creates a 
problem for both the cardholder and the institution that issued the credit card. 

SUMMARY OF THE INVFNTION 

A primary object of this invention is to provide a method and arrangement 
for securing electronic transactions against fraud. 

Another object of this invention is to provide a method and an 
arrangement that serves to limit the useful lifetime of credit card transaction 
information. 

A more specific object of the present invention is to define a method and 
an arrangement that creates or enables, at the time that an electronic credit card 
transaction is initiated, a date/time stamp that is based on or obtained from a 
non-adjustable clock. The date/time stamp is embedded in or accompanies the 
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credit card transaction information provided by the user and serves to limit the 
useful lifetime of that transaction information. The method and arrangement 
also provides for checking the date/time stamp against a non-adjustable clock 
the instant that the credit card transaction information is received to verify that 
the transaction information is valid and that the transaction should proceed. 
The method of the present invention is applicable to all credit card transactions 
as well as other electronic transactions that need or would benefit from a limit on 
the useful lifetime of transaction information. 

With respect to the method of the present invention, it is to be understood 
that a non-adjustable clock is an accurate clock which is fixed in the sense that it 
cannot be adjusted by a party to the electronic transaction and which is available 
to both the initiator and validator of the transaction. It is contemplated the 
initiator and the validator may access different non-adjustable clocks provided 
that they provide identical internet times (net-time). A net-time date/time stamp 
is understood to be a date/time stamp created from a non-adjustable clock 
available on the internet. To allow for different time zones at the locations of the 
initiator and validator, the date/time stamp is keyed to a common time standard, 
e,g., Greenwich mean time. The most common on-line sources for a non- 
adjustable clock are accessible on servers run by the U.S. government and other 
institutions. A preferred source is the master clock of the U.S. Naval 
Observatory. The latter is available on line on the internet at the following 
address: http://tycho.usno.navy.mir. The method of the present invention 
allows for the use of any encryption scheme whereby the encryption technique is 
supplied by the credit card institution or provider of the method. 

BRIEF DESCRIPTION OF THE DRAWINGS 

An embodiment of the invention is depicted in the drawings and 
elucidated in the following description, in which: 
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Fig. 1 shows a software flowchart representing the method of the present 
invention. 

Fig. 2 shows a software flowchart of an alternative embodiment of the 
method of the present invention. 

DETAILED DESCRIPTION 

A typical credit card transaction consists of an account number, a credit 
card holder's name and a credit card expiration date. Occasionally other 
information, e.g., a personal identification number (PIN), may be gathered to 
help validate the transaction (the PIN, which may be represented by a sequence 
of alphanumeric characters in any combination, is intended to be known only to 
the issuing institution and the customer or user). All of this credit card 
information is passed to the entity that is brokering the transaction, namely the 
credit card issuer or another party acting on behalf of or for the credit card issuer, 
for verification and validation . In the usual case the information is transmitted to 
the validating institution by a third party vendor. However, it is understood that in 
some cases the user may deal directly with the validating institution, e.g., where 
the credit card issuer is a bank with whom the user has a bank account and the 
user desires to execute an electronic transfer of funds from his bank account 
The present invention improves on the security of electronic financial 
transactions by including an encrypted date/time stamp that is passed along as 
part of the information required to secure the transaction against fraud, i.e., to 
obtain validation of the transaction information. The encryption scheme may use 
all or part of a credit card account number and/or a PIN known only to the 
cardholder and the institution issuing the credit card to ensure that the date/time 
stamp cannot be generated by an unauthorized entity. 

The software that implements the method of this invention may be 
embedded in the user's (customer's) web browser or may be a separate program 
that can be accessed on command by that web browser. The software maybe in 



VASiL-01 



4 

the form of an active X-control, a Java applet, or any other program that can 
execute in a web browser. 

According to a preferred embodiment of the invention, the software that 
executes in the browser first obtains a date/time stamp from a known non- 
adjustable time source such as the master clock of the U.S. Naval Observatory, 
and then encrypts it using a predetermined encryption technique or program. 
The encrypted date/time stamp is passed along with other credit card transaction 
information to a validating institution for processing, as described hereinafter. In 
this preferred embodiment, an example code fragment of the embedded 
software code is: 

x = nettime( ); 
y = encrypt(x); 
return y; 

where "nettime" is the date/time data obtained from a non-adjustable time 
source. 

Further details of the preferred embodiment of the present invention are 
presented in the following description of the method illustrated by Fig. 1. This 
method assumes as a preliminary matter that individual credit card accounts 
have been established by a credit card issuer for a number of different users and 
that each account and its authorized user (credit card holder or a person 
authorized to act for the card holder) are identified by one or more unique 
identification codes, and also that the account and user identification codes and 
other information pertaining to each account is stored in a data base created and 
maintained by the credit card issuer and/or some other party authorized by the 
credit card issuer to validate proposed credit card transactions on behalf of the 
credit card issuer. It is to be understood also that the method of Fig. 1 applies 
to electronic transactions involving only the credit card user and the credit card 
issuer or validating institution, as well as to transactions involving a third party 
vendor from whom the user wishes to purchase goods or services. Accordingly, 
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although not shown in Fig. 1 , it is to be understood that if the proposed 
transaction involves a third party vendor, the transmittal of information between 
the user and validating institution is conducted via the vendor's server. With the 
foregoing in mind, Fig. 1 comprises the following steps: 

1 . Using an internet browser, the consumer or customer (user) 
executes a software application according to the invention for the purpose of 
initiating a credit card transaction. The software is designed to carry out the 
method represented in Fig. 1 and includes a component supplied by the credit 
card processing institution (and embedded in the software application or the 
browser) which is adapted to obtain and encrypt a date/time stamp, delivering an 
encrypted date/time stamp in the form of a series of alphanumeric values. 

2. The transaction is initiated by filling out a transaction information 
form that is made available by the software application through an internet 
browser. Such a form is commonly used by on-line retailers for the collection of 
personal information including the name, address, and credit card number of the 
consumer, and the credit card expiration date.. 

3. After the credit card transaction information is gathered, a date/time 
stamp is obtained from a non-adjustable time source via the internet. 

4 The date/time stamp is encrypted by the software program 
executed in the browser for inclusion with the credit card information to be 
transmitted. Various encryption programs known to persons skilled in the art 
may be used for this invention since the type of encryption technique is not 
critical to the invention described here. However, it is to appreciated that the 
better the encryption technique, the more secure the transaction will be. What is 
important is that the selected encryption scheme be known only to the institution 
validating the transaction and to the software that encrypts the date /time stamp 
when the customer information is entered. 

5. The encrypted date/time stamp and the other information 
representing the proposed transaction (the "document") is transmitted via the 
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internet to a destination where it is to be validated. In the case where the 
transaction is being conducted with a third party vendor via the internet, 
transmission of the transaction information to the validating institution is 
accomplished via the vendor's server. Preferably this is done automatically by 
the vendors server; alternatively it may be done only on command by the 
vendor. 

6. On arrival at the validating institution's server, the credit card 
holder's transaction information is compared with credit card information stored 
in or available to that server in order to verify that the transaction is initiated by 
an authorized user, as is normal practice for existing credit card transaction 
systems. In this case, the verification and validation process involves decrypting 
the date/time stamp using the selected decryption technique to determine the 
exact time that the transaction was initiated. 

7. The decrypted date/time stamp representing the exact time the 
truncation was initiated is compared with a new date/time stamp created from the 
time obtained by the validating institution from a non-adjustable time source via 
the internet. The difference between (a) the time of the date/time stamp 
assigned to the transaction (the "transaction date/time stamp") and (b) the new 
date/time stamp representing the time obtained by the validating institution from 
the non-adjustable time source is then compared with a known time limit known 
only to the entity that has the responsibility of validating or rejecting the 
transaction. If the time limit has been exceeded the transaction is considered 
not to be valid and is rejected, and the rejection is communicated back to the 
vendor and/or the car holder or other party who initiated the transaction. If the 
time difference is at or within the time limit, the transaction is validated (provided, 
of course, that the remainder of the transaction information has been deemed 
valid) and that transaction validation is communicated back to the vendor and 
card holder or other party who initiated the transaction process. 
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Fig. 2 illustrates another embodiment of the invention for use when a 
credit card issuer wishes to use a PIN (personal identifier number) and a 
public/private key encryption technique to secure the transaction. The validating 
institution, e.g., the credit card issuer, selects the encryption technology to be 
used. As with the embodiment of Fig. 1 , various encryption programs known to 
persons skilled in the art may be used for this invention since the type of 
encryption technique is not critical to the invention described here. However, it is 
to appreciated that the better the encryption technique, the more secure the 
transaction will be. What is important is that the encryption scheme be known 
only to the institution validating the transaction and to the software that encrypts 
the date /time stamp when the customer information is entered. An advantage of 
a number of known public/private key encryption methods that may be used for 
this invention is that they are easy to use while providing transaction privacy. 

As with the method of Fig. 1, this embodiment assumes as a preliminary 
matter that (a) individual credit card accounts have been established by a credit 
card issuer for a number of different users and that each account and its 
authorized user(s) are identified by unique identification codes, (b) a PIN has 
been assigned to each authorized user which is known only to the credit card 
issuer, the validating institution (if different from the credit card issuer), and the 
credit card holder or a user authorized by the credit card holder. It is to be 
understood also that the method of Fig. 2 applies to electronic transactions 
involving only the credit card user and the credit card issuer or validating 
institution, as well as to transactions involving a third party vendor from whom 
the user wishes to purchase goods or services. Accordingly, although not shown 
in Fig. 2, it is to be understood that if the proposed transaction involves a third 
party vendor, the transmittal of information between the user and validating 
institution is conducted via the vendor's server 

Referring now to Fig. 2, the method illustrated therein comprises the 
following steps 
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1 . Using an internet browser, the consumer or customer executes a 
software application embodying the invention for the purpose of initiating a credit 
card transaction. As with the preferred embodiment of the invention represented 
in Fig. 1, the software application includes a component supplied by the credit 
card processing institution (and embedded in the software application or the 
browser) which is adapted to obtain and encrypt a date/time stamp, delivering an 
encrypted date/time stamp in the form of a series of alphanumeric values 

2. The customer or user records (a) personal information required by 
the vendor for the transaction, e.g., name and address of the customer or other 
user, (b) a public key number (PKN), and (c) a private key number (the PIN). An 
example of a PKN is a credit card account number. However, the credit card 
issuer or other validating institution may elect to require use of another 
alphanumeric sequence as the PKN in addition to or in place of the credit card 
account number. As an alternative approach, it is envisioned that the public key 
(PKN) may be the PIN and the private key may be something known only to the 
institution and the ePIN software generator. 

3. A date/time stamp is obtained from a non-adjustable time source 
via the internet, as described above. 

4. The PIN and the date/time stamp are converted to an ePIN for 
transmission via the internet. In this step the software program uses the PIN 
along with the date/time stamp as the basis for creating an encrypted sequence 
of alphanumeric characters that constitute the ePIN. The latter hides the PIN 
and the date/time stamp so that they can be retrieved only by the validating 
institution. As an alternative approach, the software program may be designed 
to use all or part of the PKN as well as the PIN and the date/time stamp to 
generate the ePIN. 

5. The data representing the transaction (the "document" ) is 
transmitted via the internet to the validating institution. The document includes 
the ePIN and the PKN, as well as other transaction data entered by the user 
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which is requested by the validator, e.g., name and account number of the credit 
card holder. If a third party vendor is involved in the proposed transaction, the 
transmission of the data to the validating institution is accomplished via the 
vendor's server, and this may be done automatically or on command by the 
vendor. 

6. The validating institution decrypts the ePiN to obtain the PIN and 
the date/time stamp. 

7. The validating institution looks up the user's PIN in its database to 
determine if the transmitted PIN is valid. If it is valid, the checking continues; 
otherwise the transaction is rejected, and the rejection is communicated to the 
vendor and/or the customer or other party who initiated the transaction, 

8. Next the validating institution checks the age of the transaction. 
More specifically, the decrypted date/time stamp representing the exact time the 
transaction was initiated is compared with a new date/time stamp created from 
the time obtained by the validating institution from a non-adjustable time source 
via the internet. The difference between the time of the date/time stamp 
assigned to the transaction (the "transaction date/time stamp") and the new 
date/time stamp representing the time obtained by the validating institution from 
the non-adjustable time source is compared against a known time limit known 
only to the entity that has the responsibility of validating or rejecting the 
transaction. If the time limit has been exceeded, the transaction is considered 
not to be valid and is rejected. If the time limit has not been exceeded, the 
transaction is validated (provided, of course, that the remainder of the 
transaction has been verified as being correct). As in step 7, the rejection is 
communicated to the vendor and/or the customer or other party who initiated the 
transaction. 

With respect to validating the date/time stamp, it is to be understood that 
the credit card issuer or other validating institution sets the time period for a 
transaction to be valid, and that its server may be programmed to validate not 
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only transactions which are presented for validation within the time limit but also 

those which exceed the time limit by a predetermined tolerance magnitude, e.g., 

to compensate for time delays due to heavy transaction traffic. Also although (a) 

the time represented by the date/time stamp is the time that the stamp is 

generated from the non-adjustable time source and (b) the date stamp may not 

be transmitted to the validating institution instantaneously upon being generated, 

for convenience it may be deemed to be and is characterized herein as the time 

that the proposed transaction is initiated, or as the "current transaction time", 

since the time difference is quite small, generally in the order of seconds. 

It is contemplated that the invention may be practiced other than as 

described above. Thus according to an alternative version of the foregoing 

embodiments, the software executed in the browser first obtains a date/time 

stamp from a non-adjustable time source via the internet, but the encrypted 

date/time stamp is not generated by the program accessed by the user's 

browser; instead the date stamp is encrypted by the validating institution 

(validator) and delivered to the user's (initiator's) browser via the internet. 

Accordingly, in this embodiment, the software code embedded in the browser 

may comprise the following: 

y = GetEncrytedDateTimeFromlnstitution(); 
return y; 

The embedded code for GetEncrytedDateTimeFromlnstitution() is: 

OpenSocket(lnstitutionServer); 
GetEncryptedDateTimeStamp( ); 
Close Socket( ): 

For this embodiment, the Credit Card Institution Server contains the following 

code fragment: 

x = nettime(); 
y = encrypt(x); 
return y 
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Other variations of the invention will be obvious to persons skilled in the art 

The invention offers several advantages. For one thing, it can be 
implemented using known programming and encryption techniques. Secondly, it 
requires no special computer or communication equipment and hence can be 
implemented at relatively low cost. Thirdly it safeguards electronic transactions 
against fraud by introducing an additional layer of user identification that is time 
limited and hence is difficult, if not impossible, to circumvent. Fourthly it may be 
used to safeguard other electronic transactions in addition to ordinary credit card 
transactions involving a customer, a vendor and the credit card issuer, e.g., 
orders to transfer funds from a bank or other credit account Other advantages 
will be obvious to persons skilled in the art. 



VASiL-01 



WHAT IS CLAIMED IS: 



12 



1 . A method of limiting the amount of time credit card information is valid for 
use in support of an electronic transaction comprising the following steps: 

A. initiating a credit card transaction by accessing a vendor via an 
internet browser; 

B. recording credit card information required by the vendor via the 
browser; 

C obtaining a date/time stamp representing the current time; 

D. encrypting said stamp; and 

E. transmitting said credit card information and said encrypted stamp 
to a validating institution for validation, whereby said validating institution may 
decrypt said encrypted stamp to determine if the age of the proposed transaction 
as represented by the time of the decrypted stamp is within a predetermined time 
limit required for validating the transaction. 

2. A method according to claim 1 wherein step B includes recording a PIN 
number as part of the credit card information. 

3 A method of limiting the amount of time credit card information is valid for 
use in support of an electronic transaction comprising the following steps: 

A. initiating a credit card transaction by accessing a vendor via an 
internet browser; 

B. recording credit card information required by the vendor via the 
browser; 

C obtaining a date/time stamp representing the current time; 

D. using said PIN number and said date/time stamp to generate an 
ePIN which comprises an encrypted sequence of alphanumeric characters 
representing said PIN and/or said date/time stamp; 
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E. transmitting said credit card information and said ePIN to a 
validating institution for validation, whereby said validating institution may 
decrypt said ePIN to obtain said date/time stamp and determine if the age of the 
proposed transaction as represented by the time of the decrypted date/time 
stamp is within a predetermined time limit required for validating the transaction. 

4. A method of conducting electronic credit card transactions so as to guard 
against fraud, comprising the following steps: 

a credit card user initiates a credit card transaction by accessing a credit 
card validating institution via a third party vendor using an internet browser and 
transmitting to that validating institution credit card information identifying said 
user and an encrypted date/time stamp representing the current transaction time 
obtained from a non-adjustable time source; 

said validating institution receives said encrypted date/time stamp and 
said other credit card information and decrypts said encrypted stamp to derive 
the current transaction time as represented by said decrypted date/time stamp; 

said validating institution (1) compares said credit card information with 
previously recorded user information to verify that the user initiating the proposed 
transaction is an authorized user and (2) also compares the current transaction 
time represented by said decrypted date/time stamp with the time of its receipt of 
said encrypted date time stamp and determines if the difference, if any, between 
said times is within a predetermined time limit; and 

depending on the determination made in the foregoing step, the validating 
institution communicates either a validation or rejection of the transaction to the 
user initiating the proposed transaction. 

5. A method according to claim 4 wherein said user also transmits an 
encrypted PIN to said validating institution, and said validating institution 
decrypts said PIN as part of its validation process. 
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6. A method of providing security to an electronic credit card system wherein 
initiation of a credit card transaction requires the credit card user to transmit 
specific identifying information to a transaction validating institution, comprising 
the step of including an encrypted date/time stamp as part of the credit card 
transaction information that is transmitted to the transaction validating institution, 
said date/time stamp being derived from a non-adjustable time source and 
indicating the current time of the proposed transaction, said encrypted date/time 
stamp being encrypted according to an encryption scheme specified by said 
transaction validating institution. 

7. A method according to claim 6 wherein said transaction information 
includes a credit card account number and a PIN. 

8. A method for providing secure credit card transactions between a first entity and 
at least one additional entity, comprising the steps of: 

(a) establishing a credit card account for the first entity, creating a preset 
identification code for that account, storing said identification code in a selected 
validating system, and providing said code to said first entity; 

(b) receiving in the validating system for verification a first identification code 
which is transmitted at the request of a person who may or may not be said first entity, 
said first identification code being transmitted with other transaction information in 
connection with a credit card transaction proposed by said person and including an 
encrypted date/time stamp representing the time that said proposed credit card 
transaction was initiated by said person; 

(c) comparing the time represented by said date/time stamp with the current 
time provided by a non-adjustable clock; and 

(d) rejecting the proposed transaction if there is a difference between the 
time represented by said date/time stamp and the current time provided by said non- 
adjustable clock and said difference in time exceeds a predetermined limit 
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9. The method of claim 8 further including the step of comparing said first 
identification code with said pre-set identification code and rejecting the 
proposed transaction if the first identification code does not conform to said pre- 
set identification code of said first entity. 

10. The method of claim 8 wherein said at least one additional entity is a third 
party vendor of goods or services, and further wherein said first identification 
code and said other transaction information are transmitted to said validation 
system via said third party vendor, said third party vendor having received said 
first identification code and said other transaction information from said person. 

11.. A method for authorizing an electronic business transaction by an authorized 
user, comprising the steps of: 

(a) storing information about authorized users, including pre-set unique 
identification codes for each authorized user, in a validating system, and providing said 
identification codes to said authorized users for use in initiating and completing 
electronic transactions; 

(b) receiving in the validating system for verification an identification code 
which is transmitted in connection with a proposed electronic business transaction at the 
request of a person who may or may not be an authorized user, said identification code 
being transmitted and received together with a date/time stamp representing the time 
that the proposed electronic business transaction was initiated by said person; 

(c) comparing said transmitted and received identification code with the 
pre-set unique identification codes stored in said validating system to verify that it is 
valid, and rejecting the proposed transaction if said transmitted and received 
identification code is not valid; and 

(d) . if said transmitted and received identification code is verified as valid, (a) 
comparing the time represented by date/time stamp with the time of receipt of said 
transmitted identification code and date/time stamp by said validating system, and (b) 



VASIL-01 



16 

rejecting the proposed transaction if there is a difference between the time represented 
by said date/time stamp and said time of receipt, and that difference exceeds a 
predetermined limit. 

12. The method of claim 1 1 wherein said electronic transactions is a credit 
card transaction, and each of said unique identification codes include a unique 
credit card account designation. 

13* The method of claim 11 wherein said identification code received by said 
validating system is transmitted to said validating system via a third party vendor, 
and further wherein rejection or authorization of said proposed transaction is 
communicated by said validating system to said vendor. 

14. The method of claim 1 1 wherein said received date/time stamp is 
encrypted, and further wherein said step (d) is preceded by the step of 
decrypting said received date/time stamp. 

15. The method of claim 1 1 wherein said received date/time stamp and at 
least a portion of said received identification code are encrypted, and further 
wherein step (d) is preceded by a decryption step to decrypt said date/time 
stamp and the encrypted portion of said received identification code. 

1 6. The method of claim 1 5 wherein said transmitted and received 
identification code includes a PIN. 

17. The method of claim 16 wherein said PIN in said received identification 
code is encrypted. 
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18. The method of claim 1 1 wherein said transmitted and received 
identification code includes a PKN. 

19. The method of 18 wherein said PKN in said received identification code 
is encrypted. 
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A BSTRACT 

A software-based computer method for limiting the lifetime of an electronic 
credit card transaction that makes the transmitted credit card information useless 
when a configurable time limit expires. The method is designed to provide 
protection for electronic transactions that require use of an identifying key such 
as a credit card number, with or without an additional unique identifier comprising 
a sequence of alphanumeric values, such as a PIN, for the purpose of initiating a 
transaction. The method provides protection by the addition of a transaction- 
initiated date/time stamp which is included as part of the transmitted transaction 
information and provides the basis for limiting the amount of time the transaction 
is valid. 
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As a below-named inventor, I hereby declare that: My residence, post 
office address and citizenship are as stated below next to my name. I believe I 
am the original, first and sole inventor (if only one name is listed below) or an 
original, first and joint inventor (if plural names are listed below) of the subject 
matter which is claimed and for which a patent is sought on the invention entitled 
ELECTRONIC TRANSACTION SECURITY METHOD, the specification of which 
is attached hereto. 

I hereby state that I have reviewed and understand the contents of the 
above-identified specification, including the claims. 

I acknowledge the duty to disclose information which is material to the 
examination of this application in accordance with Title 37, Code of Federal 
Regulations, Section 1.56(a). 

I hereby appoint Pandiscio & Pandiscio, a firm composed of Nicholas A. 
Pandiscio, Registration No. 17,293, Mark J. Pandiscio, Registration No. 30,883, 
Scott R. Foster, Registration No. 20,570, and James A. Sheridan, Registration 
No. 43,1 14, or any of them, of 470 Totten Pond Road, Waltham, Massachusetts 
02451, (Telephone No. 781-290-0060), my attorneys with full power of 
substitution and revocation, to prosecute this application and to transact all 
business in the Patent Office connected therewith. 

Please direct all correspondence in this matter to: 

Nicholas A. Pandiscio 
Pandiscio & Pandiscio, P.C. 
470 Totten Pond Road 
Waltham, MA 02451-1914 
Tel.: 781 290 0060 
Fax.: 781 290 4840 
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Mark J. Pandiscio 



VASIL-01 



20 

! hereby declare that all statements made herein of my own knowledge 
are true and that all statements made on information and belief are believed to 
be true; and further that these statements were made with the knowledge that 
willful false statements and the like so made are punishable by fine or 
imprisonment, or both, under Section 1001 of Title 18 of the United States Code 
and that such willful false statements may jeopardize the validity of the 
application or any patent issued thereon. 
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FIGURE 1 



Consumer executes a software application 
(Slepl) 
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Consumer enters typical credit card information 
(Step 2) 
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Software program obtains a date/time stamp from a non-adjustable time 

source 
(Step 3) 
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The date/time stamp is encrypted 
{Step 4) 
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Tne document is transmitted. 
(Step 5} 
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Institution that validates the transaction decrypts the Date/time stamp 
(Step 6) 
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FIGURE 2 



Consumer executes a software application 
(Step 1) 
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Consumer enters PKN.P1N and other credit card information 
(Step 2) 






Date/Time stamp is obtained 
(Step 3) 






PIN and Date/Time stamp are converted to ePin 
(Step 4) 
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The document is transmitted. 
(Step 5) 
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Transaction validating institution decrypts ePin 
(Step 6) 
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